<?php
//if unstuck button is pressed, verify and query db if valid
if(isset($_POST['submit']))
{
	//players account name, password and character name
	$account = $_POST['account'];
	$password = $_POST['password'];
	$character = $_POST['character'];

include_once "configa.php";


	//get accnt# from characters table where the name is character $character
	$con = mysql_connect($dbhost.":".$dbport, $dbuser, $dbpass) or die(mysql_error());
	mysql_select_db($dbwname) or die(mysql_error());

	$character = mysql_real_escape_string(htmlentities($character));

	$query = "SELECT acct FROM characters WHERE name = '".$character."'";

	$result = mysql_query($query) or die(mysql_error());
	$numrows = mysql_num_rows($result);

	echo "<tr><td align=center>";

	//if no rows exist, the character does not exist
	if($numrows == 0)
	{
		die("No such character exists on that account!");
	}

	$row = mysql_fetch_array($result);
	$acct = $row[0];

	mysql_close();

	//get make sure the character exists on the correct account and password is the same
	$con = mysql_connect($dbhost.":".$dbport, $dbuser, $dbpass) or die(mysql_error());
	mysql_select_db($dbwname) or die(mysql_error());

	$account = mysql_real_escape_string($account);
	$password = mysql_real_escape_string($password);
	$acct = mysql_real_escape_string($acct);

	$query = "SELECT login, acct, password FROM accounts WHERE login ='".$account."' AND password = '".$password."' AND acct = '".$acct."'";

	$result = mysql_query($query) or die(mysql_error());
	$numrows = mysql_num_rows($result);

	//if no rows, user entered invalid data
	if ($numrows == 0)
	{
		die("Account name or password is incorrect!");
	}
	mysql_close();
	$con = mysql_connect($dbhost.":".$dbport, $dbuser, $dbpass) or die(mysql_error());
	mysql_select_db($dbwname) or die(mysql_error());

	//update the character table to set the character to hearth location
	$query = "update characters SET positionX = bindpositionX, positionY = bindpositionY, positionZ = bindpositionZ, mapId = bindmapId, zoneId = bindzoneId, deathstate = 0 WHERE name = '".$character."'";

	mysql_query($query) or die(mysql_error());

	echo "<center>";
	echo "<br />";
	echo "<br />";
	echo "The Character with the name '<b>".$character."</b>' under Account '<b>".$account."</b>' has been unstuck!<br>";
	echo "<a href='javascript:history.go(-1)'>Back</a>";

	echo "</td></tr>";

	//close mysql connection
	mysql_close();
}
//if page is loaded, display unstuck form
else
{
	echo "<center>";
	echo "<form name=myform method=post action='unstuck.php'>";

	echo "<br />";
	echo "<h1><u><b>Character Unstucker</b></u></h1>";
	echo "<br />";
	echo "<tr><td width=125>Account: </td><td><input type=text name=account value=''></td></tr>";
	echo "<br />";
	echo "<tr><td width=125>Character: </td><td><input type=text name=character value=''></td></tr>";
	echo "<br />";
	echo "<tr><td width=125>Password: </td><td><input type=password name=password value=''></td></tr>";
	echo "<br />";
	echo "<tr><td colspan=2 align=center><br><input type=submit name=submit value=Unstuck></td></tr>";
	echo "</form>";
}
	echo "</table>";
	echo "<br />";
	echo "<br />";
	echo "You <b>MUST</b> be offline to use this!<br><br>";
	echo "<br />";
	echo " ";
	echo "<br />";
	echo "</center>";
?>